introduce some kind of action primitive; still a wip#458
Conversation
aneeshali
left a comment
aneeshali
left a comment
There was a problem hiding this comment.
Thanks a lot @raginpirate for this PR. Added a few comments based on the last discussion.
| | `id` | string | ✓ | Unique, unguessable identifier for this action. Echoed in the result and used by the platform to correlate the result against the outstanding action. Treat as a capability token: origin checks are defense in depth, not the trust boundary. | | ||
| | `code` | string | ✓ | Reverse-domain identifier for the action category, owned by the capability or handler protocol that defines the action's semantics. See [Action Codes](#action-codes). | | ||
| | `severity` | string | ✓ | `optional` \| `recoverable` \| `requires_buyer_input`. See [Action Severity](#action-severity). | | ||
| | `url` | string | ✓ | The URL to render or navigate to. **MUST** use the `https` scheme. | |
There was a problem hiding this comment.
The current proposal simplifies the action object by only providing a url (which implies a standard HTTP GET), and relies on the business/PSP to host a same-origin "relay" page if they need to perform a POST or carry rich payloads (like EMVCo's creq or threeDSMethodData). While this keeps the UCP platform implementation simple, it forces the business/PSP to host intermediate relay pages for common flows like 3DS. It might be more robust to allow UCP to transport the request configuration directly.
Please consider expanding the action object to support rich request payloads natively with http method, body, headers, encoding etc.
There was a problem hiding this comment.
👍 yeah this base shape needed work. I just pushed an update to simplify actions to their core: a rev-dns code + severity + config and opened up some 3ds as an example implementation of an action, with a defined transport mechanism and config in isolation. This is still heavily a WIP but hopefully the rough direction is making sense, and I'm happy to keep gathering this very early feedback!
|
|
||
| ## Actions | ||
|
|
||
| ### Overview |
There was a problem hiding this comment.
The introduction of the actions primitive significantly alters the Checkout lifecycle and state transition flows. Instead of a single terminal complete_checkout call, we now have multi-step loops. We should explicitly document and visualize these flows where a complete can be followed by an update and a subsequent complete. It might be better to have a dedicated state diagram to capture this variant when actions are involved.
Also wondering if we need to call out any checkout state transitions when actions are involved.
| } | ||
| ``` | ||
|
|
||
| **3DS challenge (modal, required).** The ACS lives on a different |
There was a problem hiding this comment.
I was wondering how we should be documenting the nuances of 3DS challenges so the PSPs have clarity on the exact communication for the following:
- DDC step and its optimization using updateCheckout.
- Passing additional signals to complement the DDC step.
Should any of these mentioned in the UCP and provided as a guide? OR should it be treated more of the payment handler responsibility, so they can have their own documentation?
raginpirate
force-pushed
the
raginpirate/embedded-frame-action
branch
from
fa54c5c to
021b31b
Compare
aneeshali
left a comment
aneeshali
left a comment
There was a problem hiding this comment.
Thanks a lot @raginpirate for a productive discussion. Left a couple minor comments.
| ```json | ||
| { | ||
| "jsonrpc": "2.0", | ||
| "method": "pa.done", |
There was a problem hiding this comment.
Hey @raginpirate while defining only a "pa.done" without any extra payload simplifies the work for the platform, please confirm if there are any security implications with this approach.
| platform's next checkout call causes the business to observe that the external | ||
| step has completed. | ||
|
|
||
| ### Examples |
There was a problem hiding this comment.
IIRC, there was a suggestion to also keep a non-3ds example to validate that the solution works more broadly. Student/military discounts and account verification were brought up as examples. It would be great if we could illustrate one such example as well.
2 participants
Description
Category (Required)
Please select one or more categories that apply to this change.
ucp-schematool (resolver, linter, validator). (Requires Maintainer approval)Related Issues
Checklist
!for breaking changes).Screenshots / Logs (if applicable)